Solutions Blog

What happens in an ATM, doesn’t always stay in an ATM

By Richard Arneson

It’s either not talked about often or doesn’t happen that frequently. But it should come as no surprise to learn that there is malware that targets ATMs. It makes perfect sense. ATMs run software, require connectivity and are stuffed with cash. Let me say that again—they’re stuffed with cash.

The latest ATM attack is quite different than your average attack, though. Actually, it’s a lot different. The malware, named WinPot, turns ATMs owned by an unnamed, but apparently well-known, vendor into slot machines. They’re selling it on the dark web for upwards of a thousand bucks. They created an interface that crudely mimics a one-armed bandit. Dials represent each of the ATM’s four (4) cassettes, which are the areas in which the cash is held (the design is to prevent an ATM from emptying its entire contents at a single time).

It’s no game of chance

WinPot differs from a traditional slot machine in one (1) very significant way—there’s no chance or luck involved. Once the “spin” button is tapped, the cash starts flowing. And after a cassette has emptied its cash, a “scan” button instructs the ATM to look for other cassettes that are still loaded with money. The slot machine-like interface is apparently for comedic effect only.

WinPot is not the first malware to attack ATMs. In fact, it’s not even the first to combine ill-gotten gains with laughs, or at least a hacker’s version of humor. Two (2) years ago, Cutler Maker was made available on the dark web for five (5) grand. It was loaded by plugging a flash drive into an ATM USB port. The interface looked more like the menu from a 1950’s-era diner. The felon served as virtual cook and accessed ATM cassettes by pushing “Check Heat”, then extracted cash with the cleverly labeled “Start Cooking” button.

Thankfully, illegally pulling cash from ATMs is no slam dunk

Just last year, Qin Qisheng, a software engineer from China, detected an operating system weakness in ATMs used by Huaxia Bank. Apparently, the OS created a small sliver of time at midnight during which ATM withdrawals weren’t recorded. He withdrew approximately $1 million prior to being arrested. His defense? He was storing the cash in his account for safekeeping, and, once the window had been sealed shut, would return the loot. Qin may know software, but he’s no Clarence Darrow. His defense didn’t hold up in court. He was sentenced to over ten (10) years in prison.

Stay steps ahead of cyberattackers by working with these folks

To find out how to secure your organization’s network and protect its mission critical data, contact GDT’s tenured and talented engineers and security analysts at SOC@GDT.com. From their Security and Network Operations Centers, they manage, monitor and protect the networks of companies of all sizes, including those for some of the most notable enterprises, service providers, healthcare organizations and government agencies in the world. They’d love to hear from you.

If you want more information about network security, read more about it here:

Google launches itself into cybersecurity space

Getting Stuffed at Dunkin’ Donuts?

Security Myths Debunked

State of the Union address focuses on technology–briefly

The technology arms race was just amped up

Apparently, cyber attackers also consider imitation to be the sincerest form of flattery

Last week’s DHS “alert” upgraded to “an emergency directive”

The Collection #1 data breach—sit down first; the numbers are pretty scary

Shutdown affects more than workers

DDoS Attacks will deny a Massachusetts Man Ten (10) years of Freedom

Phishing for Apples

This isn’t fake news

Don’t get blinded by binge-watching

Mo Money, Mo Technology―Taylor Swift uses facial recognition at concerts

Step aside all ye crimes—there’s a new king in town

Q & A for a Q & A website: Quora, what happened?

They were discovered on Google Play, but this is no game

And in this corner…

Elections are in, but there’s one (1) tally that remains to be counted

Hiring A Hacker Probably Shouldn’t Be Part of Your Business Plan

Gen V

Sexy, yes, but potentially dangerous

Tetration—you should know its meaning

It’s in their DNA

When SOC plays second fiddle to NOC, you could be in for an expensive tune

How to protect against Ransomware

Google launches itself into cybersecurity space

By Richard Arneson

As if they don’t have enough going on, Google just launched its first cybersecurity company. In the event you missed the announcement, you’re not alone. Oddly, the launch was disclosed in a January 24th blog post written by Stephen Gillett.

Alphabet, Google’s parent company, is technically responsible for lift off. The rocket’s name is Chronicle, and it’s currently being tested with several undisclosed Fortune 500 companies. Oh, yes, and Gillett is Chronicle’s new CEO.

According to Gillett, Chronicle will provide two (2) services:

  1. VirusTotal, an anti-malware intelligence service that Google purchased in 2012 and has been running since, and
  2. A cybersecurity intelligence and analytics program designed to help customers better manage and make sense of their own IT security-related data.

Like Google, Chronicle is an Alphabet subsidiary born out of X unit, also known as The Moonshot Factory, which is a department within its R & D incubator. Moonshot technologies make, in Alphabet’s words, “the world a radically better place.” It’s another way of saying that the technologies aren’t being developed to line their pockets, as much as to benefit humanity. Not that they’ll be giving away Chronicle for free. Sure, its “moonshot” origins sound noble, but Chronicle isn’t a philanthropic venture.

All that data…

Chronicle, at its core, is focused on the mountains of data that accumulates like dust on an exercise machine. They want to reduce the time it takes to discover attacks and, in an admirable act of vengeance, turn the tables on hackers. To accomplish this, Chronicle will utilize machine learning that, according to Gillett, is more advanced than anyone’s in the IT security space.

Chronicle promises to address a security-related issue that gets worse by the day—the proliferation of alerts, many false positive, that can’t be managed by the majority of infoSec teams. Chronicle will analyze alerts to help personnel better determine which are the most critical, and most likely, to represent genuine threats.

According to Gillett’s blog post, “We want…to capture and analyze security signals that have previously been too difficult and expensive to find. We are building our intelligence and analytics platform to solve this problem.”

Cybersecurity concerns? Talk to these folks

To find out how to secure your organization’s network and protect its mission critical data, contact GDT’s tenured and talented engineers and security analysts at SOC@GDT.com. From their Security and Network Operations Centers, they manage, monitor and protect the networks of companies of all sizes, including those for some of the most notable enterprises, service providers, healthcare organizations and government agencies in the world. They’d love to hear from you.

If you want more information about network security, read more about it here:

Getting Stuffed at Dunkin’ Donuts?

Security Myths Debunked

State of the Union address focuses on technology–briefly

The technology arms race was just amped up

Apparently, cyber attackers also consider imitation to be the sincerest form of flattery

Last week’s DHS “alert” upgraded to “an emergency directive”

The Collection #1 data breach—sit down first; the numbers are pretty scary

Shutdown affects more than workers

DDoS Attacks will deny a Massachusetts Man Ten (10) years of Freedom

Phishing for Apples

This isn’t fake news

Don’t get blinded by binge-watching

Mo Money, Mo Technology―Taylor Swift uses facial recognition at concerts

Step aside all ye crimes—there’s a new king in town

Q & A for a Q & A website: Quora, what happened?

They were discovered on Google Play, but this is no game

And in this corner…

Elections are in, but there’s one (1) tally that remains to be counted

Hiring A Hacker Probably Shouldn’t Be Part of Your Business Plan

Gen V

Sexy, yes, but potentially dangerous

Tetration—you should know its meaning

It’s in their DNA

When SOC plays second fiddle to NOC, you could be in for an expensive tune

How to protect against Ransomware

Thank God I’m a Country Boy…as long as I get broadband

By Richard Arneson

Ah, yes, life on the farm. The pastoral setting. The din of tractors backfiring, chickens clucking and cows mooing. And don’t forget the sound of farmers cursing their poor Internet connectivity.

Worry no more rural America! The U.S. government has introduced a plan called the American Broadband Initiative (ABI). Its goals is to ramp up broadband deployment to millions of Americans in rural communities. And over twenty (20) government agencies have joined the cause, which was introduced and signed by President Trump last month.

The ABI’s 3-legged stool

The ABI, as outlined in a White House report, will meet its goals by adhering to the following three (3) elements

  1. Utilize existing federal assets, such as buildings, towers and land to lower the cost of broadband buildouts. In addition, it will encourage the broadband service providers to expand their infrastructures to include rural America.
  2. Make it easier for the telecom companies to obtain necessary permitting to build out those infrastructures. The ABI will loosen the federal rights-of-way for broadband providers and allow them to leverage the federal assets (as listed above) to speed up the deployment of broadband access. Call this one “Reduce the red tape.”
  3. Maximize the use of federal funds to better target areas at need, provide more consistency and deliver incentives for state and local governments that efficiently utilize these federal funds.

According to the report, which was authored by Commerce Secretary Wilbur Ross and Agriculture Secretary Sonny Perdue, “While the government serves an important role, we strongly believe that nothing creates innovation more effectively than unleashing the free market economy from burdensome government regulations. Toward that end, the reforms outlined in this report are dedicated to removing regulatory barriers and expanding opportunities for successful private-sector capital investments.”

It is set to begin last December— say what?

In December, the Agriculture Department set aside over six hundred million dollars ($600 million) for grants and loans that will advance the ABI’s goals. And last week the Interior Department announced measures to increase broadband on federally-managed land, which includes allowing broadband service providers to deploy wireless and wired infrastructures on existing communications towers. It’s a significant step considering the federal government manages over twenty percent (20%) of the United States’ acreage, the majority of which is located in rural America. And to support this, they’ve released a mapping tool so service providers can locate the federal government’s infrastructure locations.

And if you thought the federal government had already taken on this initiative…

The ABI is a continuation of two (2) earlier efforts to hasten broadband connectivity to rural America—the 2-year-old Broadband Interagency Working Group and the Connect America Fund, which was set up by the Federal Communications Commission (FCC) in 2014. In December, the FCC allotted an additional sixty-seven million dollars ($67 million) annually in support of it.

The ABI is a good first step. Err, ahh, 3rd step. Its success, though, depends on whether the service providers believe that building out their broadband infrastructure to rural America will turn a profit. Here’s hoping it will.

Questions about ensuring your infrastructure is optimally working for you?

If you’d like to learn more about how to digitally transform your organization, talk to the expert solutions architects and engineers at GDT. For years they’ve been helping customers of all sizes, and from a wide array of industries, realize their digital transformation goals by designing and deploying innovative, cutting-edge solutions that shape their organizations and help them realize positive business outcomes. Contact them at SolutionsArchitects@gdt.com or at Engineering@gdt.com. They’d love to hear from you.

You can read more about how to digitally transform your infrastructure here:

A road less traveled…than you’d think

The four (4) horsemen of HCI

Who doesn’t want to Modernize?

Workshops uncover insights into the state of IT and Digital Transformation

What is Digital Transformation?

The only thing we have to fear is…definitely not automation

Without application performance monitoring, your IoT goals may be MIA

When implementing a new technology, don’t forget this word

Automation and Autonomics—the difference is more than just a few letters

Is Blockchain a lie detector for the digital age?

If you fall victim to it, you won’t end up marking it as “like”

They were discovered on Google Play, but this is no game

Blockchain; it’s more than just Bitcoin

When being disruptive is a good thing

Getting stuffed at Dunkin’ Donuts?

By Richard Arneson

Just last week, sugary sweet giant Dunkin’ Donuts was hit with its second cyber-attack in three (3) months. Both attacks can be filed in a cyberattack category you may not have heard of—credential stuffing. It’s a type of brute force attack in which stolen credentials are used to access other online accounts.

We’ve all signed up for online membership programs, right? Doing so grants you access to coupons, perks and special deals for products and services. Nothing wrong with that. But Credential Stuffing Attacks target these membership programs, which allows hackers to access accounts and get names, email addresses and account numbers associated with the program.

Membership and loyalty programs have been around for years, and their quid pro quo nature benefits both parties involved. You get good deals and the vendor builds a rich database of customers to whom they can market. And because they rarely involve sensitive information, such as credit card numbers or social security numbers, they don’t often raise red flags for customers. They know what signing up results in—offers and information getting pushed to your inbox. And, of course, you can opt-out at any time. So, what’s the problem?

Here’s how credential stuffing works, and why you should care about it

Credential stuffing involving donut shops may sound benign, but attackers are looking to do more than disrupt vendor couponing. Last August, credential stuffing resulted in a $13.5 million bank heist in India.

Through automated tools and scripts available on the dark web, credential stuffers use stolen login information to target particular websites. The login information can stuff websites’ account logins until matches are uncovered. They’re then sold on the dark web advertising that they’ve been verified to work on a particular site.

If you don’t use one (1) of the many password managers on the market, you should. And if you don’t, you’ve probably found yourself using the same login and password for a wide range of sites. And, who knows, you may be using the same login information for online banking that you do for the sandwich shop around the corner. Is getting 2 for 1 patty melts worth more than a hacker gaining access to your financial data? Probably not.

Steps to protect your organization against credential stuffing

If you currently offer a membership or loyalty program, it’s advised that you take a regular look at authentication logs. If you see a large number of authentication attempts from the same IP address, you may be the victim of credential stuffing. Also, if you’re allowing access through Tor nodes, which allow users to remain anonymous, it can be difficult to determine the source. You may want to block access from Tor nodes altogether.

And, yes, it may annoy some customers, but requiring members to periodically reset passwords can help guard against credential stuffing attacks. But be careful with the wording of the communique, or customers may think they’re they a phishing target.

Let these folks take the complexity out of your security posture

To find out how to secure your organization’s network and protect its mission critical data, contact GDT’s tenured and talented engineers and security analysts at SOC@GDT.com. From their Security and Network Operations Centers, they manage, monitor and protect the networks of companies of all sizes, including those for some of the most notable enterprises, service providers, healthcare organizations and government agencies in the world. They’d love to hear from you.

If you want more information about network security, read more here:

Security Myths Debunked

State of the Union address focuses on technology–briefly

The technology arms race was just amped up

Apparently, cyber attackers also consider imitation to be the sincerest form of flattery

Last week’s DHS “alert” upgraded to “an emergency directive”

The Collection #1 data breach—sit down first; the numbers are pretty scary

Shutdown affects more than workers

DDoS Attacks will deny a Massachusetts Man Ten (10) years of Freedom

Phishing for Apples

This isn’t fake news

Don’t get blinded by binge-watching

Mo Money, Mo Technology―Taylor Swift uses facial recognition at concerts

Step aside all ye crimes—there’s a new king in town

Q & A for a Q & A website: Quora, what happened?

They were discovered on Google Play, but this is no game

And in this corner…

Elections are in, but there’s one (1) tally that remains to be counted

Hiring A Hacker Probably Shouldn’t Be Part of Your Business Plan

Gen V

Sexy, yes, but potentially dangerous

Tetration—you should know its meaning

It’s in their DNA

When SOC plays second fiddle to NOC, you could be in for an expensive tune

How to protect against Ransomware

DCIM—helping the Offensive Linemen of IT get their due

By Richard Arneson

You usually don’t hear about it until you’re touring a data center in person, if even then. While starstruck by the vast collection of colored cables, twinkling equipment and shiny racks, you probably didn’t give it a thought, much less any credit. Let’s change that. So today—Valentine’s Day—let’s give some much-earned love to the data center’s physical facility. You know, the power, cooling, floor space, environmental control, etc.

DCIM, which stands for Data Center Infrastructure Management, is a software suite that serves two (2) masters. It combines the more glamorous IT with physical assets, the oft-ignored, but vitally important “offensive linemen of the data center.”

A quarterback without a solid offensive line will spend the majority of his time on his backside, regardless of his arm strength, good looks or how high he was selected in the draft. His effectiveness depends implicitly on his offensive linemen, who rarely get due credit or big endorsement dollars. But combine the two (2) and you’ve got a team. And that’s a word that can be aptly used to describe DCIM. It’s a team approach for addressing what all data centers experience on a regular basis—change.

Data center change is more than adding equipment and hoping there’s space, A/C and outlets to accommodate it. DCIM allows organizations to manage and deftly address ever-changing workflows and track costs associated with equipment moves, adds and changes. And it simplifies operational complexities, so the overall value of your data center can be comprehensively realized and managed.

Interaction, Communication—Hut, Hut, Hike

If a quarterback doesn’t call a play, offensive linemen may drop back to pass block on a running play; not good—probably a loss of yardage. A DCIM software suite blends IT and facilities, taking both into account, so organizations can optimally deploy data center assets. It allows management to quickly capture an overview of the data center’s functionality and the health of its systems. DCIM can significantly impact cost structures. For instance, energy consumption can be calculated upfront instead of waiting for a bill at the end of the month.

Data center facilities are costly, but cost savings can be gained by identifying unused resources or optimizing existing capacity. Not having to buy additional capacity when it’s not needed is good for the bottom line.

DCIM satisfies more than IT and Facilities

While it’s obvious that IT organizations will be key players in the DCIM game, it’s only slightly less obvious that facilities will be fully engaged. But don’t forget what it takes for all of this to work—money. Yes, finance departments will have an eye on a DCIM solution. They’ll probably want to compare costs against business value—DCIM can help provide that.

And don’t forget those folks in the corner offices. Executives are more focused on IT than ever before. IT is no longer just about pushing data across the network, backing it up and manning a help desk. More and more executives are looking to IT departments for revenue generation.

Questions about DCIM, Data Center Modernization and Digital Transformation?

If you’re wondering how to modernize your data center and utilize the management tools needed to ensure you enjoy its true value, call on the expert solutions architects and engineers at GDT. For years they’ve been helping customers of all sizes, and from a wide array of industries, realize their digital transformation goals by designing and deploying innovative, cutting-edge solutions that shape their organizations and help them realize positive business outcomes. Contact them at SolutionsArchitects@gdt.com or at Engineering@gdt.com. They’d love to hear from you.

You can read more about how to digitally transform your infrastructure here:

The Four (4) Horsemen of HCI

Who doesn’t want to Modernize?

Workshops uncover insights into the state of IT and Digital Transformation

What is Digital Transformation?

The only thing we have to fear is…definitely not automation

Without application performance monitoring, your IoT goals may be MIA

When implementing a new technology, don’t forget this word

Automation and Autonomics—the difference is more than just a few letters

Is Blockchain a lie detector for the digital age?

If you fall victim to it, you won’t end up marking it as “like”

They were discovered on Google Play, but this is no game

Blockchain; it’s more than just Bitcoin

When being disruptive is a good thing

Security Myths Debunked

By Richard Arneson

It could be argued that network security is similar to the average man’s relationship with the doctor’s appointment. It isn’t seen as important until something goes wrong.

Appointment-fearing men aside, the following are seen as the two (2) most common myths concerning network security, at least according to Ciaran Martin, the CEO of the National Cyber Security Center, which is the cyber arm of Great Britain’s Government Communications Headquarters (GCHQ). Martin went on to issue this admonishment: “There isn’t much of an excuse any longer for not knowing about security as a business risk.” Nobody can argue his point, even though many don’t abide by it.

Myth One (1)—cyberattacks are targeted

While it’s true that cyberattacks are becoming slightly more targeted, the majority—as in just slightly under a hundred percent (<100%)
— aren’t prejudiced. They don’t care one (1) whit who they’ve trap in their web of deceit, lies and downright evil. Many companies still feel they’ve been flying under the radar due to the size or their organization or the industry in which they work. They think their anonymity somehow shields them from attacks. According to Martin, they don’t believe they’ll ever appear in the crosshairs of a cyberattack. “Tell that,” Martin said, “to the Western business leaders hit by NotPetya in the summer of 2017.” That malware attack, which was originally launched by Russia to infect Ukrainian networks, quickly spread throughout the world like a California wildfire. The damages to businesses globally reached around $300M. They’re rarely targeted! Myth Busted!

Myth Two (2) —cyber security is just too darn complicated

While this myth may sound like an April Fool’s joke, it’s not. Other than it being February 13th, it’s astounding, according to Martin, how many C-level executives share this sentiment. According to Martin, “When I view businesses in the UK and around the world, I’m often amazed by the sheer complexity and sophistication of the businesses and the risks that they manage.

“A company that can extract stuff from way below the ground, a company that can transport fragile goods to the other end of the planet in a really short period of time, a company that can process billions of financial transactions every hour is more than capable of managing cyber security risk.”

While this isn’t a security panacea, your company’s security posture can be substantially strengthened by ensuring software and systems are up-to-date. That doesn’t sound so complicated.

Here’s another easy security measure to implement: Conduct security awareness training. Create policies concerning network security, provide accompanying training, and heavily stress the importance of strictly adhering to them. For every employee (and there could be hundreds, maybe thousands) who rolls their eyes at what might seem like commonsensical security training, all it takes is that one individual who doesn’t pay attention.

If nothing else, communicate this to employees: Make sure they ask themselves, prior to opening a link or attachment:

  • Do I know the sender? 
  • Do I really need to open this link or file?

If they don’t consider these questions, your organization could be ripe for the picking. Myth Busted!

Let these folks take the complexity out of your security posture

To find out how to secure your organization’s network and protect its mission critical data, contact GDT’s tenured and talented engineers and security analysts at SOC@GDT.com. From their Security and Network Operations Centers, they manage, monitor and protect the networks of companies of all sizes, including those for some of the most notable enterprises, service providers, healthcare organizations and government agencies in the world. They’d love to hear from you.

If you want more information about network security, check out the following articles:

State of the Union address focuses on technology–briefly

The technology arms race was just amped up

Apparently, cyber attackers also consider imitation to be the sincerest form of flattery

Last week’s DHS “alert” upgraded to “an emergency directive”

The Collection #1 data breach—sit down first; the numbers are pretty scary

Shutdown affects more than workers

DDoS Attacks will deny a Massachusetts Man Ten (10) years of Freedom

Phishing for Apples

This isn’t fake news

Don’t get blinded by binge-watching

Mo Money, Mo Technology―Taylor Swift uses facial recognition at concerts

Step aside all ye crimes—there’s a new king in town

Q & A for a Q & A website: Quora, what happened?

They were discovered on Google Play, but this is no game

And in this corner…

Elections are in, but there’s one (1) tally that remains to be counted

Hiring A Hacker Probably Shouldn’t Be Part of Your Business Plan

Gen V

Sexy, yes, but potentially dangerous

Tetration—you should know its meaning

It’s in their DNA

When SOC plays second fiddle to NOC, you could be in for an expensive tune

How to protect against Ransomware

Bleichenbacher—the man, the legend, the TLS attack

By Richard Arneson

No, no, this is a good man.

According to a technical paper published by a team of academics, there’s a new cryptographic attack lurking. It allows attackers to intercept data believed to be secure through TLS (Transport Layer Security), which provides authentication encryption between network devices. The researchers who identified it have dubbed it ROBOT, an acronym for Return of Bleichenbacher’s Oracle Threat.

Technically, it’s not really new

As is often the case, attackers, who often lack creativity, ingenuity, or both, borrow from previously and successfully launched evil. In this particular case, the miscreants filched from the Bleichenbacher attack, which was launched last century (1998) and victimized SSL servers. In it, the attackers sent encrypted text, known as ciphertext, to be decrypted. The decrypted results they got back picked subsequent ciphertexts, and so on, and so on…

The attacker performs decryption through RSA, which is a key-exchange algorithm utilized by TLS and its predecessor, SSL (Secure Socket Layer). Along with key-exchange algorithms, TLS and SSL utilize symmetric-key algorithms, which are faster than their counterpart, but not quite on an encryption par. The key-exchange algorithms help determine the symmetric keys to use during a TLS or SSL session. Key-exchange algorithms are like a mediator who determines whether you’d like to converse with somebody, even though both of you speak a range of languages. Once you both agree that a conversation is merited, symmetric keys represent the language in which you’d both like to converse. The symmetric keys are created for agreed upon encryption and decryption, including any detected tampering.

Before you go hating on the name Bleichenbacher, (his Christian name Daniel) know that he is one (1) of the good guys. He is the erstwhile Bell Labs researcher who discovered the attack over two (2) decades ago.

These latest plagiarists come from a long line of scoundrels, though. There have been over ten (10) attacks that borrowed from the original Bleichenbacher attack. They were all effective to some degree, hence the imitations.

Here’s why it’s working

The authors of the TLS protocol had their hearts in the right place, but their retrofitted measures to make guessing the RSA decryption key more difficult have fallen short. Essentially, they’ve patched worn tires instead of buying new ones. What was needed was the replacement of the insecure RSA algorithm. Now, instead, many TSL-capable routers, servers, firewall and VPNs are still vulnerable.

The hits just keep coming

Not to be a downer, but it’s important to note that this latest attack works against Google’s new QUIC encryption protocol. And how’s this for irony? Google is Daniel Bleichenbacher’s current employer.

 Security Experts with the answers

To find out how to secure your organization’s network and protect its mission critical data, contact GDT’s tenured and talented engineers and security analysts at SOC@GDT.com. From their Security and Network Operations Centers, they manage, monitor and protect the networks of companies of all sizes, including those for some of the most notable enterprises, service providers, healthcare organizations and government agencies in the world. They’d love to hear from you.

If you want more information about network security, check out the following articles:

State of the Union address focuses on technology–briefly

The technology arms race was just amped up

Apparently, cyber attackers also consider imitation to be the sincerest form of flattery

Last week’s DHS “alert” upgraded to “an emergency directive”

The Collection #1 data breach—sit down first; the numbers are pretty scary

Shutdown affects more than workers

DDoS Attacks will deny a Massachusetts Man Ten (10) years of Freedom

Phishing for Apples

This isn’t fake news

Don’t get blinded by binge-watching

Mo Money, Mo Technology―Taylor Swift uses facial recognition at concerts

Step aside all ye crimes—there’s a new king in town

Q & A for a Q & A website: Quora, what happened?

They were discovered on Google Play, but this is no game

And in this corner…

Elections are in, but there’s one (1) tally that remains to be counted

Hiring A Hacker Probably Shouldn’t Be Part of Your Business Plan

Gen V

Sexy, yes, but potentially dangerous

Tetration—you should know its meaning

It’s in their DNA

When SOC plays second fiddle to NOC, you could be in for an expensive tune

How to protect against Ransomware

State of the Union address focuses on technology—briefly

By Richard Arneson

If you missed it, you’re probably not the only one. It was fleeting, but if it slipped past you, technology was a focal point for one (1) brief, shining moment during last night’s State of the Union address. President Trump alluded to technology when he mentioned the need to increase the federal government’s “investments in the cutting-edge industries of the future.” Given the technological arms race between China and, well, the rest of the world, it’s a safe bet that 5G and AI were on his mind.

Executive Orders are waiting in the wings

The Wall Street Journal reported that Trump is preparing a number of executive orders to ramp up 5G and AI (Artificial Intelligence). While we’ll have to wait patiently to learn what specifically will be addressed, the Journal reports states that, according to administration officials, the orders will involve more government resources to advance AI and nudge private companies to enter the race to 5G.

According to Michael Kratsios, a White House technology policy aide, Trump’s overarching technology-related goal is to help ensure that American innovation will remain the envy of the world for generations to come.

Without mentioning the world’s most populated country, Trump’s commitment is clearly aimed at better competing against China, which is, according to most industry analysts both here and abroad, the far and away leader in the race to 5G. That’s not to say security-related issues are playing second fiddle, though. It’s a widely held suspicion that companies utilizing telecom equipment from China—most specifically equipment manufactured by Huawei or ZTE—are opening the door for Chinese espionage.

The United States and several Western European countries are mulling over legislation that would ban equipment manufactured by Huawei or ZTE. On Wednesday, Rob Strayer, the deputy assistance secretary for cyber and international communications and information policy, warned countries that purchasing Huawei networking gear would expand China’s surveillance capabilities to all four (4) corners of the world. Strayer warned that by using its massive 5G presence, Huawei would be poised to steal trillions of dollars in intellectual property and more easily deploy malware and attack competitors’ networks.

Can you afford to not talk to Security Experts?

To find out how to secure your organization’s network and protect its mission critical data, contact GDT’s tenured and talented engineers and security analysts at SOC@GDT.com. From their Security and Network Operations Centers, they manage, monitor and protect the networks of companies of all sizes, including those for some of the most notable enterprises, service providers, healthcare organizations and government agencies in the world. They’d love to hear from you.

If you want more information about network security, check out the following articles:

The technology arms race was just amped up

Apparently, cyber attackers also consider imitation to be the sincerest form of flattery

Last week’s DHS “alert” upgraded to “an emergency directive”

The Collection #1 data breach—sit down first; the numbers are pretty scary

Shutdown affects more than workers

DDoS Attacks will deny a Massachusetts Man Ten (10) years of Freedom

Phishing for Apples

This isn’t fake news

Don’t get blinded by binge-watching

Mo Money, Mo Technology―Taylor Swift uses facial recognition at concerts

Step aside all ye crimes—there’s a new king in town

Q & A for a Q & A website: Quora, what happened?

They were discovered on Google Play, but this is no game

And in this corner…

Elections are in, but there’s one (1) tally that remains to be counted

Hiring A Hacker Probably Shouldn’t Be Part of Your Business Plan

Gen V

Sexy, yes, but potentially dangerous

Tetration—you should know its meaning

It’s in their DNA

When SOC plays second fiddle to NOC, you could be in for an expensive tune

How to protect against Ransomware

A road less traveled…than you’d think

By Richard Arneson

According to a recent study by a New York-based IT consultancy firm that works exclusively with Fortune 1,000 corporations, large companies aren’t transforming into truly data-driven organizations as fast as you’d suspect. The big boys, as it turns out, are a little behind the curve when it comes to utilizing data and analytics to help drive their organizations. Apparently, the road to digital transformation is paved with fewer Fortune 1,000 logos than you’d think.

While determining the degree at which organizations are data-driven is subjective, its meaning isn’t. In its basic of definitions, data-driven refers to the management of captured data to help, through analytics, develop business- driving and revenue-generating strategies and initiatives. Let’s face it, hunch-based decisions aren’t as sound as those derived through analytics.

The Study

The survey included sixty-four (64) C-Level technology executives from some of the world’s largest corporations—the biggies, ones we’ve all heard of, and many whose products we use daily. But it’s definitely not that they don’t regard becoming data-driven as highly important. It’s just that a spate of obstacles, both internal and external, have hamstrung their efforts.

Their impeded journeys aren’t due to a lack of spend, though. Over ninety percent (>90%) of those surveyed reported that their AI and Big Data spends are growing, and over fifty percent (>50%) said their investments in both have exceeded over $50 million. And respondents confirmed that they’re building organizations specifically to address them. In fact, almost seventy percent (<70%) currently have a Chief Data Officer. But here’s a big issue: seventy-five percent (75%) fear that moving too aggressively toward Big Data and AI may kink up their operations. They’ve spent the money, hired the driver, but they’re skittish about getting the race car onto the track.

What’s holding them back?

Evolving into a data-driven organization, especially when employing hundreds of thousands of workers in dozens of countries and spanning several continents, is no mean feat. It’s a slow process, even painfully so. Nobody would argue that point. But the slow migrations can be chalked up to more than a simple “It takes a while” retort. Over forty percent (>40%) stated that their organization isn’t properly and cohesively aligned to become data-driven, and almost twenty-five percent (<25%) said that cultural resistance is hampering their speed to digital transformation. Interestingly, though, just over seven percent (>7%) said that technology (yes, technology!) didn’t present any of the primary challenges. Here’s what did—business adoption. Almost eighty percent (<80%) cited it as their greatest challenge.

Another issue that may be holding them back is immediate need to secure revenue, which can easily push data-driven initiatives to the back burner. They know how digital transformation will enhance and advance their organization, but revenue will always hold the trump card.

Additional, and rather surprising, findings

One (1) of the things that’s surprising is that the percentage of respondents who identified their organization as being data-driven has dropped in each of the past three (3) years, from thirty-seven percent (37%) in 2017 to a skosh over thirty percent (30%) today. Here are a few more shockers:

Over seventy percent (>70%) admitted that they haven’t yet created a “data culture”, almost seventy percent (<70%) said that they have developed a data-driven organization, over fifty percent (>50%) don’t consider and treat data as a corporate asset, and over fifty percent (>50%) aren’t utilizing data and related analytics to help them become more competitive in the marketplace.

Questions about how to transform your organization into one (1) that’s data-driven?

If you’d like to learn more about how AI, Big Data and Analytics can digitally transform your organization, talk to the expert solutions architects and engineers at GDT. For years they’ve been helping customers of all sizes, and from a wide array of industries, realize their digital transformation goals by designing and deploying innovative, cutting-edge solutions that shape their organizations and help them realize positive business outcomes. Contact them at SolutionsArchitects@gdt.com or at Engineering@gdt.com. They’d love to hear from you.

You can read more about how to digitally transform your infrastructure here:

The four (4) horsemen of HCI

Who doesn’t want to Modernize?

Workshops uncover insights into the state of IT and Digital Transformation

What is Digital Transformation?

The only thing we have to fear is…definitely not automation

Without application performance monitoring, your IoT goals may be MIA

When implementing a new technology, don’t forget this word

Automation and Autonomics—the difference is more than just a few letters

Is Blockchain a lie detector for the digital age?

If you fall victim to it, you won’t end up marking it as “like”

They were discovered on Google Play, but this is no game

Blockchain; it’s more than just Bitcoin

When being disruptive is a good thing

You won’t want to let this policy lapse

By Richard Arneson

If statistical models and tables can be built to address it, there’s probably insurance to cover it…whatever it is. It can be anything from protecting against an automobile-winning hole-in-one at a company golf tournament, to fingers in the event you’re the lead guitarist of The Rolling Stones. The list is seemingly endless, and also silly, at times. Oscar-winning actress Shirley MacLaine allegedly has insurance to protect against alien abduction, and Lloyd’s of London, the king of the odd insurance policy, once offered—and sold—policies to protect movie-goers against death by laughter. Seriously. So, it should come as no surprise to learn that companies can now insure against cyber threats.

According to Rob Smart of Mactavish, a firm that works with many of England’s largest property & casualty insurance companies, said that it’s rare when a customer doesn’t inquire about cyber insurance. Many analysts believe the current cyber insurance market will double in the next eighteen (18) months, from $4 billion to $8 billion in premiums.

While it doesn’t get a lot of press, cyber insurance is more developed in the U.S. than in any other country due, in large part, to 2003 California legislation that requires firms to disclose information related to large data breaches. Many other states have followed suit. Europe is quickly ramping up, too, as a result of privacy and reporting laws that are now even stricter than those in the U.S.

Pricing the premiums proves problematic

The trickiest part of the equation for insurance companies is determining how much to charge for premiums. Basically, all software contains bugs, and many of them weaken security and open the door for hackers. And, unlike most other industries, insurance companies don’t have a lot of historical data about cyber threats and attacks from which to pull. And the pace of technological change makes it especially vexing considering future threats are just that—in the future. The most savvy of security experts can’t imagine or anticipate every danger that will surface down the road. When a company purchases a garden-variety property & casualty insurance policy, for instance, there is a ton of historical data that helps insurance companies know which events threaten a company and which ones present liability exposures.

Threats don’t discriminate

Another difficulty for insurance companies stems from the fact that cyber attacks don’t work independently. If a company is covered against hail in Texas, it won’t affect the insured in other parts of the country. But a software flaw can make all users immediately at risk, regardless of their location, industry or size. Take, for instance, 2017’s Wanna Cry Ransomware attack. A software vulnerability ended up affecting a quarter of a million computers spanning the globe. It didn’t matter who they were or where they were located.

And if the insurance company hasn’t properly calculated risks and, as a result, has undercharged for premiums, they’ll be left paying out more than they’ve taken in. And insurance companies don’t like to do that.

Here’s another way to protect against cyber threats

To find out how to secure your organization’s network and protect its mission critical data, contact GDT’s tenured and talented engineers and security analysts at SOC@GDT.com. From their Security and Network Operations Centers, they manage, monitor and protect the networks of companies of all sizes, including those for some of the most notable enterprises, service providers, healthcare organizations and government agencies in the world. They’d love to hear from you.

If you want more information about network security, check out the following articles:

But it’s just so exciting!

The technology arms race just got amped up

Apparently, cyber attackers also consider imitation to be the sincerest form of flattery

Last week’s DHS “alert” upgraded to “an emergency directive”

The Collection #1 data breach—sit down first; the numbers are pretty scary

Shutdown affects more than workers

DDoS Attacks will deny a Massachusetts Man Ten (10) years of Freedom

Phishing for Apples

This isn’t fake news

Don’t get blinded by binge-watching

Mo Money, Mo Technology―Taylor Swift uses facial recognition at concerts

Step aside all ye crimes—there’s a new king in town

Q & A for a Q & A website: Quora, what happened?

They were discovered on Google Play, but this is no game

And in this corner…

Elections are in, but there’s one (1) tally that remains to be counted

Hiring A Hacker Probably Shouldn’t Be Part of Your Business Plan

Gen V

Sexy, yes, but potentially dangerous

Tetration—you should know its meaning

It’s in their DNA

When SOC plays second fiddle to NOC, you could be in for an expensive tune

How to protect against Ransomware